I don't have time to read all of the messages so it's likely that
someone pointed out some serious flaws in this approach. But first I
need to emphasize the difference between the envelope used to transport
the message and the header which is like the inner header in a business
letter and it is entirely optional. Sure, you're supposed to have from,
to and date but it works without it. There is an unfortunate design
error in that envelope is out of band and there is no standard way to
preserve it. This should be fixed but ...
Second, the word "forge", that's a moral term. One synthesize the
envelope for whatever purpose is appropriate and we shouldn't prejudge
this. In fact, I have to forge the from address for this letter in order
to keep the list manager happy since I use a different address for each
list. It isn't bogus, just informative. The Caller-ID for phone calls is
buggy since it doesn't tell me who is calling, just which phone they
happen to be using. I don't want to have be authorized to send mail.
How do you know I'm not a synthesized persona or that I don't present
different persona depending upon my role, job or mood. That's normal and
fundamental to living in an ambiguous universe.
You cannot get authentication from the DNS. It's just a repository of
lookup keys that get reused over time (unfortunately). Authentication is
a very deep and complex concept and there is no magic trust algebra. You
can buy services for vouching or other purposes from third parties and
require others who communicate you meet your own criteria such as having
VeriSign certs or having ones generated by Joe if you want "Joe sent me"
in your own private key community. Or you can simply have their bank say
"yeah, he has the money to cover the purchase".
Conclusion. This is not an Email issue -- it's a product that you might
want to offer but it cannot be mandated any more than you can have .XXX
and .KIDs.
Also, please define what it means for mail to be delivered?
PS: I am replying to the forwarded pointer because it also illustrate a
bigger problem -- the damn wrapping that occurs because of teletype
compatibility mode. I'm became quite proficient with the KSR and ASR
33,35,37 and 43 (well, not much with the 43 -- too new). But that
doesn't mean I'm glad to be living in the 1960's in terms of email. But
that's a separate grip -- I resisted using HTML though that's enough of
a reason to use it.
-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org] On
Behalf Of Alan
DeKok
Sent: Thursday, March 20, 2003 13:38
To: asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] A possible way to a solution?
william(_at_)elan(_dot_)net wrote:
I strongly recommend to read my presentation at:
http://www.elan.net/~william/asrg-emailpathverification-presentation.pdf
I think the document is very helpful. Simply having the picture of
a complex "real-word" e-mail deliver path means that any potential
solution can point to the picture, and say "we fit here." That
capability was what was missing from many of the proposed solutions.
Alan DeKok.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg